VYPR
Medium severity · NVD Advisory · Published Nov 27, 2025 · Updated Apr 15, 2026

CVE-2025-13762

Description

Improper Input Validation vulnerability in CyberArk Secure Web Sessions Extension on Chrome and Edge allows Denial of Service when trying to start new SWS sessions. This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper input validation in CyberArk Secure Web Sessions Extension before 2.2.30305 allows denial of service when starting new sessions.

Vulnerability Overview

CVE-2025-13762 is an improper input validation vulnerability in the CyberArk Secure Web Sessions Extension for Chrome and Edge. The flaw occurs when the extension processes input during the initiation of new Secure Web Sessions (SWS). Insufficient validation can lead to a denial of service (DoS) condition, preventing legitimate users from starting new sessions.

Exploitation Conditions

An attacker can exploit this vulnerability by sending crafted input to the extension, likely through a malicious web page or by intercepting session initiation requests. No authentication is required beyond the normal browser context, and the attack can be performed remotely. Extension versions prior to 2.2.30305 are affected, as indicated in the official description [1][2].

Impact

Successful exploitation results in a denial of service, rendering the extension unable to start new SWS sessions. This disrupts the protected web application access, continuous authentication, and session recording features that the extension provides. The impact is limited to availability, with no evidence of data compromise or privilege escalation.

Mitigation

CyberArk has addressed this vulnerability in version 2.2.30305 of the Secure Web Sessions Extension. Users should update to this version or later via the Chrome Web Store or Microsoft Edge Add-ons store [1][2]. No workarounds have been publicly documented.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

2
